We have an on-prem solution where a Windows Service (on a Windows Server VM) accesses a SQL Server database on another Windows Server VM. The Windows Service runs under a certain domain user (Log On), Integrated Security is specified in the connection string, and that user has been granted access to the database.

We are now moving this to Azure. How would you set this up?

Is it possible to use Azure Managed Identity in this scenario (a Windows Service on a VM, connecting to a SQL Server database on another VM)? Which user would the Windows Service run under, Local System? And would I specify Managed Identity instead of Integrated Security in the connection string? How would I grant access to the Managed Identity in SQL server? Would I have to setup RBAC somehow for the Windows Service VM to be able to access the SQL Server VM?

Or am I getting all of this wrong? Would it help if we moved the database from inside a VM to become a Azure SQL Managed Intance or Azure SQL database?

We have an on-prem solution where a Windows Service (on a Windows Server VM) accesses a SQL Server database on another Windows Server VM. The Windows Service runs under a certain domain user (Log On), Integrated Security is specified in the connection string, and that user has been granted access to the database.

We are now moving this to Azure. How would you set this up?

Is it possible to use Azure Managed Identity in this scenario (a Windows Service on a VM, connecting to a SQL Server database on another VM)? Which user would the Windows Service run under, Local System? And would I specify Managed Identity instead of Integrated Security in the connection string? How would I grant access to the Managed Identity in SQL server? Would I have to setup RBAC somehow for the Windows Service VM to be able to access the SQL Server VM?

Or am I getting all of this wrong? Would it help if we moved the database from inside a VM to become a Azure SQL Managed Intance or Azure SQL database?

• azure
• azure-sql-database
• azure-managed-identity
• azure-rbac

Share Improve this question Follow asked Nov 19, 2024 at 6:48 PoppertPoppert 42711 gold badge55 silver badges1717 bronze badges 1

• Have you tried any approach? – Bhavani Commented Nov 19, 2024 at 6:54

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

Option 1:

I think vm host sql server support managed identity. Have you tried this ? Microsoft Entra authentication for SQL Server docs

Option 2:

Using Azure SQL data sample docs